Viewpoint: Layered Approach Ideal to Fight Man-in-the-Browser Attacks

According to Forrester Research, the number of U.S. households banking online is expected to grow from 54 million in 2009 to 66 million in 2014. As online banking grows, the threats to it grow deeper and broader. Whether the method is phishing, kiting, a man-in-the-browser trojan or harvesting personal data from an individual's social networking site, the fraudster's tool kit grows by the day.

In the past, banks invested in multifactor authentication to ensure that only legitimate users could access online banking systems, and in systems that provide IP address intelligence for online banking transactions. IP address intelligence does detect account takeover in which fraudsters have used phishing or malware to steal a legitimate user's login credentials and then sign in from a machine of their own. It falls short against man-in-the-browser attacks, because that malware runs inside the victim's own browser and alters transactions after the customer has authenticated: the request reaches the bank from the legitimate device, from the customer's usual IP address and within an already-authenticated session, so the device and IP address data sent with the transaction look entirely normal.

So what can banks do to protect themselves from man-in-the-browser attacks? Stronger customer authentication alone is not sufficient, because the trojan rides the session the genuine customer has just authenticated. Instead, banks can reduce their risk by understanding the activity within an online banking session and judging whether it fits the established profile of the genuine customer.

Increasingly, banks that take a layered approach to monitoring a customer's account and transaction activity are in the strongest position to minimize online fraud. For example, all customer interactions can be categorized into event classes that cover both monetary and nonmonetary actions: payment events (financial transactions such as funds transfers and bill payments); login events (IP address and session ID profiling); password events (changes to the logon password); profile events (changes to customer contact and demographic information, such as the e-mail address or phone number the bank uses to alert the customer); and navigation events (changes in how a customer moves through the online portal). A break in pattern in any one of these classes may not indicate fraud on its own. Monitored together, however, several small anomalies become a strong predictor of criminal intent.

Customers face security threats from the moment they log on to a PC, cell phone or smart phone, and once a fraudster is "in," he is increasingly cunning at navigating the customer's banking and financial profile and attacking across multiple transaction channels, from checking to credit and debit card or savings accounts. So even if a fraudster enters through a low-balance debit card account, he can move from there into the customer's savings or loan account and quickly begin removing funds, vastly raising the risk and the size of the potential loss. Because many financial institutions deploy their banking security systems in silos, fraudsters seek to gain access through one silo and jump to another to take advantage of the full range of channels and transactions. Banks and financial institutions need to explore enterprise fraud management systems that take a full view of the institution's relationship with a customer. An enterprisewide approach protects institutions at multiple levels, from identity theft to deposit fraud, and lets them detect and prevent fraud better by monitoring transactions and events across the whole range of customer activity.

Genuine customers tend to make transfers and bill payments to the same accounts in fairly consistent amounts. Fraudsters, by contrast, transfer money to an account or biller that the genuine customer has never used, often for far more than the customer normally sends. Account profiling cross-references each new transfer against all the external accounts with which the customer has transacted in the past 12 months, and compares the amount with the customer's history. When high-risk activity is detected, action can be taken in real time or near real time: hold the transfer of funds from the customer's account, or contact the customer to confirm that the transaction is genuine.
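The following is an added illustration of the two techniques just described, the layered scoring of event classes and account profiling; it is not code from the article or from any vendor's fraud engine. The event classes, the 12-month look-back and the "hold or call the customer" outcome come from the text; the point weights, the hold threshold, the "three standard deviations above the customer's mean" amount rule and the customer data are hypothetical, constructed for the example.

```python
"""Layered online-banking session scoring: event-class anomalies plus account profiling.

Added illustration with hypothetical rules, weights and threshold (not any vendor's
engine); the customer profile and sessions below are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from statistics import mean, pstdev

LOOKBACK = timedelta(days=365)  # 12-month account-profiling window from the text
HOLD_THRESHOLD = 4              # hypothetical: a score at or above this holds the transfer


@dataclass
class Profile:
    """What the bank already knows about one genuine customer."""
    known_ips: set
    transfers: list    # (date, payee, amount) history
    usual_path: list   # pages this customer normally visits before paying

    def recent(self, today):
        return [t for t in self.transfers if t[0] >= today - LOOKBACK]

    def payee_seen(self, payee, today):
        return any(p == payee for _, p, _ in self.recent(today))

    def amount_limit(self, today):
        """Hypothetical norm: 3 standard deviations above the 12-month mean."""
        amts = [a for _, _, a in self.recent(today)]
        if len(amts) < 2:
            return float("inf")  # too little history to judge the amount
        return mean(amts) + 3 * pstdev(amts)


@dataclass
class Event:
    kind: str  # login | password | profile | navigation | payment
    data: dict = field(default_factory=dict)


def score_event(ev, profile, today):
    """Points and reason for one event; (0, '') when it fits the profile."""
    if ev.kind == "login" and ev.data["ip"] not in profile.known_ips:
        return 1, "IP address never seen for this customer"
    if ev.kind == "password":
        return 1, "password changed in-session"
    if ev.kind == "profile":
        return 2, f"contact detail changed: {ev.data['field']}"
    if ev.kind == "navigation":
        skipped = [p for p in profile.usual_path if p not in ev.data["pages"]]
        if skipped:
            return 1, f"skipped usual pages {skipped}"
    if ev.kind == "payment":
        pts, why = 0, []
        if not profile.payee_seen(ev.data["payee"], today):
            pts, why = pts + 3, why + ["payee not used in the last 12 months"]
        if ev.data["amount"] > profile.amount_limit(today):
            pts, why = pts + 2, why + ["amount far above this customer's norm"]
        if pts:
            return pts, "; ".join(why)
    return 0, ""


def score_session(events, profile, today):
    """Add up the small anomalies across event classes; decide on the total."""
    total, reasons = 0, []
    for ev in events:
        pts, why = score_event(ev, profile, today)
        if pts:
            total += pts
            reasons.append(f"{ev.kind}: {why} (+{pts})")
    decision = "hold and contact customer" if total >= HOLD_THRESHOLD else "allow"
    return total, reasons, decision


# --- constructed sample data ---------------------------------------------------
TODAY = date(2014, 3, 1)
ALICE = Profile(
    known_ips={"203.0.113.7"},
    transfers=[(TODAY - timedelta(days=30 * i), "Electric Co", 120.0 + 5 * (i % 3))
               for i in range(1, 13)]
              + [(TODAY - timedelta(days=400), "Old Landlord", 900.0)],  # outside window
    usual_path=["balances", "statements"],
)
NORMAL_NAV = Event("navigation", {"pages": ["balances", "statements", "transfer"]})
SAME_DEVICE = Event("login", {"ip": "203.0.113.7"})

GENUINE = [SAME_DEVICE, NORMAL_NAV, Event("payment", {"payee": "Electric Co", "amount": 130.0})]
# Customer legitimately adds a new biller: one anomaly, not enough on its own to hold.
NEW_BILLER = [SAME_DEVICE, NORMAL_NAV, Event("payment", {"payee": "Water Co", "amount": 95.0})]
# Man-in-the-browser: same device and IP, the user browses normally, but the trojan
# rewrites the transfer to a mule account for far more than the customer ever sends.
MITB = [SAME_DEVICE, NORMAL_NAV, Event("payment", {"payee": "Mule Ltd", "amount": 2500.0})]

if __name__ == "__main__":
    for name, session in [("genuine", GENUINE), ("new biller", NEW_BILLER), ("mitb", MITB)]:
        print(name, score_session(session, ALICE, TODAY))
```

The man-in-the-browser session scores nothing on the login layer, exactly the blind spot the article attributes to IP address intelligence, and is caught only because the payment layer compares the payee and amount with the customer's own history. The new-biller session shows why the layers are summed rather than treated as individual alarms: a single unfamiliar payee at a normal amount stays below the hold threshold, so a genuine customer adding a biller is not blocked.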

Combining real-time fraud detection tools with customer information from every channel gives banks a complete view of behavior, so they detect fraud patterns faster and stay ahead of rapidly changing threats. Moreover, a layered approach to online banking fraud monitoring, one that analyzes login events, outgoing transactions and risky sequences of events, best positions an institution to minimize online banking fraud, thus mitigating risk, protecting the brand and increasing customer satisfaction and loyalty, precious commodities these days.

Source: American Banker, Bank technology.